Cyber Police ransomware can lock your Android device and ask for payment

An exploit called “Cyber Police” has been in the wild for some time, but a new method it is utilizing can now affect millions of Android devices. It will lock your device, rendering it useless, and it can be installed on a device without any user interaction from the victim.

Cyber Police, a form of ransomware, was recently discovered by Blue Coat Labs and confirmed by Zimperium Labs, the same group that discovered the StageFright hack.

What is ransomware?

Ransomware is software with malicious code that can lock a device or computer so that it cannot be used. This means that you won’t be able to open any apps or access the settings on the device. A message usually appears explaining the device is locked and that you need to pay a “ransom” in order to unlock it and get rid of the malicious software.

The good news is that your data is usually safe, but the bad news is that paying the ransom won’t actually remove the software.

The Cyber Police hack explained

The Cyber Police name comes from how it represents itself once it’s active on your device. You’ll see a message like the one below explaining that your device has been locked because you supposedly have browsed illegal websites in the past.

The message claims to come from some sort of agency, which might be called the “American national security agency” or something similar.

This “agency” will give you a certain amount of time to pay a “ransom” so that it doesn’t take legal action, and as an extra bonus, the “agency” will restore your device. In this example, the “ransom” is two $100 Apple iTunes gift card codes. Sounds simple enough, but you were never under any legal threat in the first place, and paying the ransom won’t unlock your device.

The scary part of this exploit is that it can be installed on your device from a simple ad on a Web page, without the need for you to actually open it. And there is no way to detect these malicious ads. Andrew Brandt, director of threat research at Blue Coat Labs, said, “This is the first time, to my knowledge [that] an exploit kit has been able to successfully install malicious apps on a mobile device without any user interaction on the part of the victim.” Since the exploit is actually an app, you would think that permissions would have to be approved, but somehow they are bypassed.

After the hack was discovered by Blue Coat, Joshua Drake from Zimperium Labs analyzed it and found out the app uses a root tool known as Towelroot to take control of your device. It also utilizes certain exploits that were leaked during the Hacking Team breach. The Hacking Team, based in Milan, Italy, sells surveillance capabilities to local enforcement agencies, governments, and private companies. A breach of the Hacking Team’s own data in July 2015 revealed several exploits that hackers were able to use.

According to Blue Coat, the Cyber Police trojan was first documented in December 2015, but this newer method might have been in existence since February 2016.

Affected devices

The good news is that if you use an Android device that isn’t much more than a year old, you’re probably okay. This exploit can only affect Android versions 4.0.3 to 4.4.4. That’s Ice Cream Sandwich (2011) to KitKat (2013). Thankfully, most newer phones have already been upgraded to Lollipop (2014) or higher. However, according to the latest Android dashboard (April 4, 2016), 56.9 percent of all Android devices fall into these version numbers. That means more than 500 million Android devices are affected worldwide. Because of the terrible rate at which most Android phones get updates, these devices will most likely never get updated again, so they will always be vulnerable to the threat.

Blue Coat found the exploit on an older Samsung tablet running CyanogenMod 10, which was based on Android 4.2.2. Although CyanogenMod is a custom ROM, you don’t need to have one installed in order for the trojan app to take over your device.
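If you look after more than one device, the version range above can be checked across a whole inventory. This is an added example, not part of the original article: the CSV layout and device IDs are constructed, and the release column is assumed to hold each device's `ro.build.version.release` value (a custom ROM such as CyanogenMod 10 reports the Android version it is based on).

```python
import csv
import io
import re

# Affected range stated in the article: Android 4.0.3 through 4.4.4 inclusive.
AFFECTED_MIN = (4, 0, 3)
AFFECTED_MAX = (4, 4, 4)

# Constructed sample inventory (not real devices). "release" is assumed to be
# the value each device reports for ro.build.version.release.
SAMPLE_INVENTORY = """device_id,model,release
tab-01,Samsung tablet (CyanogenMod 10),4.2.2
ph-02,Phone A,4.4
ph-03,Phone B,5.1.1
ph-04,Phone C,4.0.2
ph-05,Phone D,4.4.4
ph-06,Phone E,6.0
ph-07,Phone F,unknown
"""

def parse_release(text):
    """Return (major, minor, patch), padding missing parts with 0, or None."""
    m = re.match(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text or "")
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())

def classify(release):
    """Classify one release string against the article's affected range."""
    version = parse_release(release)
    if version is None:
        # Unparseable values are reported separately, never assumed safe.
        return "unknown"
    in_range = AFFECTED_MIN <= version <= AFFECTED_MAX
    return "affected" if in_range else "not_affected"

def triage(inventory_csv):
    """Group device IDs from a CSV inventory by classification."""
    result = {"affected": [], "not_affected": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row["release"])].append(row["device_id"])
    return result

if __name__ == "__main__":
    for status, ids in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(ids) or '-'}")
```

Devices in the "unknown" group need a manual check of their Android version before they can be treated as unaffected.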

Protecting yourself

Assuming you have an Android device running one of the affected software versions, there isn’t much you can do to completely block an attack. However, there are a few things you can do that might limit your chances of falling victim.

The first and most obvious thing to do is buy a newer device, since your current phone or tablet probably won’t get updated with a patch. Of course, that might not be feasible at the moment, so you can try to avoid shady websites. Those are the ones that are more likely to have the type of ads that can install the trojan app on your device. It’s unlikely these ads will appear on well known sites like Google, CNN, Amazon, ESPN, or Digital Trends (don’t leave us!). One other thing you can try is to install a newer browser app like Chrome, which could potentially block malicious ads from infecting your system.

Lastly, no matter what you do, make sure you regularly back up all your pictures, videos, music, and other important files. Although the Cyber Police attack probably won’t delete them from your device, you might not have access to them while the exploit is in place.

Removing the exploit

There is some uncertainty here, but there is at least some hope. The first thing you need to know is to never pay a ransom some computer program throws at you no matter what. You’ll only lose money because your device will remain useless.

According to Brandt at Blue Coat Labs, he was able to factory reset the Samsung tablet to successfully remove the trojan app. Unfortunately a factory reset results in all data on the device being erased. It’s a pain, but it’s the best option. If your data isn’t already backed up, you can try to connect your phone or tablet to a desktop or laptop and see if you can copy the contents before initiating a factory reset.

Since you won’t be able to get into the settings, you’ll need to initiate a factory reset a little differently. Each device differs slightly, but try this on Samsung devices:

  1. Press and hold the Power button, Volume Up button and Home key while the device is turned off.
  2. Once the Samsung logo appears, release only the Power button.
  3. The Android system recovery screen will appear.
  4. Use the Volume buttons to highlight wipe data/factory reset.
  5. Press the Power button to select the factory reset option.

Some users have indicated that they were unable to factory reset their device because the trojan app prevented them from doing so. You also might be in a situation where you don’t have a backup of your data and you were unable to access the data while connecting your device to a computer. In either of these cases, you can try to reboot your device into safe mode. By doing so, you’ll be able to open Settings, followed by Applications and then Application Manager, to delete the trojan app. Unfortunately, figuring out which app is the trojan won’t be easy.

Here’s how to reboot your device into safe mode:

  1. While your device is on, press and hold the power button for a few seconds until you get the prompt to turn off your phone.
  2. Tap and hold the Power Off option on the display for a few seconds until you get the prompt to confirm that you want to reboot into safe mode.

Once you’re in safe mode, open the Application Manager and look for any app under the Downloaded tab that you don’t recognize and delete it. Unfortunately this will probably be harder than it sounds, but it’s worth a shot. Once you’re all set, just turn off the phone or tablet as you normally do and turn it on to reboot it in its normal state. Hopefully the trojan app will be gone and your phone will be unlocked. You can always repeat the process and try again.

If you’re unable to factory reset your device or delete the trojan app, it might be time to get a new one.
